Lead Security Engineer
As a Lead Security Engineer I leveraged my technical background in Systems Engineering/Operations and Agile practices to establish a security operations team with a focus on collaboration with development teams and tooling integration with the Devops pipeline.The SecOps team focused on several key areas: Web Application Vulnerability Detection and Management, Secure Cloud Configuration Management, WAF Configuration Management, and Container Security.Major accomplishments include:* AppSec: Established a web application security program to include basic reconnaissance, inventory, automated scan configuration, high level vulnerability assessment, and remediation tracking for over 60 different web applications using Acunetix and Burp Suite* Container Security: Enforced security best practices for Docker containers through the use of approved Docker base images and continuous scanning of all container images for known vulnerabilities and misconfigurations in a CI/CD pipeline leveraging both open source and commercial tools such as AquaSec and Prisma.* Cloud Configuration Management: Implementation of a cloud configuration monitoring solution with automated remediation of cloud resource configuration based on a set of defined guardrails.